package com.ld.admin.shiro;

import java.util.HashSet;
import java.util.Set;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;

import com.ld.admin.model.system.SystemUser;
import com.ld.admin.service.user.UserService;
import com.ld.shieldsb.common.core.model.Result;

@Component
public class CustomRealm extends AuthorizingRealm {
    private UserService userService = new UserService();

    /**
     * 获取身份验证信息 Shiro中，最终是通过 Realm 来获取应用程序中的用户、角色及权限信息的。
     *
     * @param authenticationToken
     *            用户身份信息 token
     * @return 返回封装了用户信息的 AuthenticationInfo 实例
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("————身份认证方法————");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // 从数据库获取对应用户名密码的用户
        String password = new String((char[]) token.getCredentials());
        Result result = userService.authenticate(token.getUsername(), password);
        if (!result.getSuccess()) {
            throw new AccountException(result.getMessage());
        }
        /**
         * 进行验证 -> 注：shiro会自动验证密码<br>
         * 参数1：principal -> 放对象就可以在页面任意地方拿到该对象里面的值<br>
         * 参数2：hashedCredentials -> 密码<br>
         * 参数3：realmName -> 自定义的Realm<br>
         */
        SystemUser user = (SystemUser) result.getData();
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user, password, getName());
        return authenticationInfo;
    }

    /**
     * 获取授权信息<br>
     * 赋予角色和权限:用户进行权限验证时 Shiro会去缓存中找,如果查不到数据,会执行这个方法去查权限,并放入缓存中<br>
     * 调用该方法的前提<br>
     * 1、url有匹配上的Filter<br>
     * 2、Filter中调用getSubject(request, response).isPermitted(xxx)或者getSubject(request, response).hasRole(xxx)时调用
     *
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("————权限认证————");
        System.out.println(SecurityUtils.getSubject().getPrincipals());
        System.out.println(principalCollection);
        SystemUser user = (SystemUser) SecurityUtils.getSubject().getPrincipal();
        // 获取登录用户名
        SystemUser name = (SystemUser) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // 获得该用户角色
        String role = "角色";// userService.getRole(username);
        Set<String> set = new HashSet<>();
        // 需要将 role 封装到 Set 作为 info.setRoles() 的参数
        set.add(role);
        // 设置该用户拥有的角色
        info.setRoles(set);
        return info;
    }
}